mpp-service-discovery
Warn
Audited by Snyk on Jun 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The REQUIRED workflow explicitly performs runtime web fetches of outsider-authored free text—e.g., it fetches
https://paymentauth.org/draft-payment-discovery-00.html,https://mpp.dev/overview, and web-search results (“implementation examples”, “directory listing requirements”)—which the agent would ingest as readable page text into the LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill instructs agents to fetch external llms.txt files referenced in x-service-info (e.g., https://api.example.com/llms.txt), which are retrieved at runtime and used to describe/drive LLM agent behavior, so the fetched content can directly control agent prompts.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata